We just published a blog post on creating new Volatility 3 plugins to detect hidden services on Windows:
https://volatility-labs.blogspot.com/2023/03/memory-forensics-r-d-illustrat…
The post covers background on how malware abuses services, how services are tracked on a live system, and how we developed our new plugins.
Feedback and comments encouraged!
— The Volatility Team
We are excited to announce that we are resuming our in-person training course!
The first in-person course of 2023 will take place May 8–12 in Reston,
VA. We are also exploring potential venues for a Fall 2023 course in
Europe.
Full information on the course, including the many new updates being
added for 2023, can be found on our blog post here:
https://volatility-labs.blogspot.com/2023/01/the-return-of-in-person-volati…
We are really looking forward to resuming in-person training, and we
hope to see many of you in Reston. Please let us know if you have any
questions.
-- The Volatility Team
Hello All,
We are writing to gauge interest in our team resuming in-person
Malware and Memory Forensics trainings. We have not held one of these
since early 2020 but have started to receive inquiries about when they
would return. To help with our decision making, we have put together a
survey to help shape a potential in-person training in the USA in the
Fall. If you have interest in attending this course, or if would like
to suggest alternative options, then please fill out the survey here:
https://www.memoryanalysis.net/training-2022-survey
The survey will close next Friday on April 29th.
We would like to note that our self-paced, online training will remain
in place even when in-person trainings resume.
https://volatility-labs.blogspot.com/2021/01/malware-and-memory-forensics-t…
Please let us know if you have any questions or concerns.
Also, our mailing lists were having issues so we needed to resend this
message. We apologize if you receive it multiple times.
Thanks,
The Volatility Team
Hello All,
We are writing to gauge interest in our team resuming in-person
Malware and Memory Forensics trainings. We have not held one of these
since early 2020 but have started to receive inquiries about when they
would return. To help with our decision making, we have put together a
survey to help shape a potential in-person training in the USA in the
Fall. If you have interest in attending this course, or if would like
to suggest alternative options, then please fill out the survey here:
https://www.memoryanalysis.net/training-2022-survey
The survey will close next Friday on April 29th.
We would like to note that our self-paced, online training will remain
in place even when in-person trainings resume.
https://volatility-labs.blogspot.com/2021/01/malware-and-memory-forensics-t…
Please let us know if you have any questions or concerns.
Thanks,
The Volatility Team
The Call for Papers for the 2022 DFRWS USA conference is open!
Since 2005, DFRWS has been one of the main venues for publishing
cutting edge research and techniques related to memory forensics.
It is also a great venue to publish a peer-reviewed paper in an
academic setting that understands the value of memory forensics and
malware analysis.
If you are interested in submitting, then please see this year's CFP:
https://dfrws.org/dfrws-usa-2022-call-for-papers-is-open/
Thanks,
Andrew
We (the Volatility team) are often asked about what the memory forensics R&D process looks like, and how the abuse of an API by malware or a new code injection technique can be successfully uncovered by a Volatility plugin.
To illustrate this process, we just published a blog post that takes you from analyzing a potent target - the Skeleton Key attack of Mimikatz - through developing a new Volatility 3 plugin that can automatically detect it:
https://volatility-labs.blogspot.com/2021/10/memory-forensics-r-illustrated…
Feedback and comments are greatly appreciated.
We hope you enjoy the post!
We are very excited to announce that our malware and memory forensics training course is now available online!
Full information can be found here:
https://volatility-labs.blogspot.com/2021/01/malware-and-memory-forensics-t…
This course deeply covers all aspects of memory analysis and ensures that you are ready to take on modern threats.
If you have any questions then please let us know.
- The Volatility Team
We just posted a new writeup on a common analysis task required when investigating real world systems - deciphering hooks placed by AV/EDR vs those placed by malware
The post can be found here:
https://volatility-labs.blogspot.com/2020/05/when-anti-virus-engines-look-l…
Please let us know if you have any questions or comments, and we hope you enjoy the read!
At a recent Volexity Cyber Security Session, Steven Adair gave a presentation on how OceanLotus lures and targets its victims, including malware, fake news websites and organizations, and fake social media campaigns. If you want to see what real nation-state level targeting looks like then check out his talk:
https://www.volexity.com/company/resources/digital-surveillance-and-cyberes…
